Proper REST response for empty table?

2019-01-13 04:03发布

问题:

Let's say you want to get list of users by calling get to api/users but currently the table was truncated so there are no users. What is the proper response for this scenario 404 or 204?

回答1:

I'd say, neither.

Why not 404 (Not Found) ?

The 404 status code should be reserved for situations, in which a resource is not found. In this case, your resource is a collection of users. This collection exists but it's currently empty. Personally, I'd be very confused as an author of a client for your application if I got a 200 one day and a 404 the next day just because someone happened to remove a couple of users. What am I supposed to do? Is my URL wrong? Did someone change the API and neglect to leave a redirection.

Why not 204 (No Content) ?

Here's an excerpt from the description of the 204 status code by w3c

The server has fulfilled the request but does not need to return an entity-body, and might want to return updated metainformation.

While this may seem reasonable in this case, I think it would also confuse clients. A 204 is supposed to indicate that some operation was executed successfully and no data needs to be returned. This is perfect as a response to a DELETE request or perhaps firing some script that does not need to return data. In case of api/users, you usually expect to receive a representation of your collection of users. Sending a response body one time and not sending it the other time is inconsistent and potentially misleading.

Why I'd use a 200 (OK)

For reasons mentioned above (consistency), I would return a representation of an empty collection. Let's assume you're using XML. A normal response body for a non-empty collection of users could look like this:

<users>
  <user>
    <id>1</id>
    <name>Tom</name>
  </user>
  <user>
    <id>2</id>
    <name>IMB</name>
  </user>
</users>

and if the list is empty, you could just respond with something like this (while still using a 200):

<users/>

Either way, a client receives a response body that follows a certain, well-known format. There's no unnecessary confusion and status code checking. Also, no status code definition is violated. Everybody's happy.

You can do the same with JSON or HTML or whatever format you're using.



回答2:

I'd answer one of two codes depending on runtime situation:

404 (Not Found)

This answer is pretty correct if you have no table. Not just empty table but NO USER TABLE. It confirms exact idea - no resource. Further options are to provide more details WHY your table is absent, there is couple of more detailed codes but 404 is pretty good to refer to situation where you really have no table.

200 (OK)

All cases where you have table but it is empty or your request processor filtered out all results. This means 'your request is correct, everything is OK but you do not match any data just because either we have no data or we have no data which matches your request. This should be different from security denial answer. I also vote to return 200 in situation where you have some data and in general you are allowed to access table but have no access to all data which match your request (data was filtered out because of object level security but in general you are allowed to request).



回答3:

If you are expecting list of user object, the best solution is returning an empty list ([]) than using a 404 or a 204 response.



标签: api http rest